Added some sanity checks to prevent buffer overflows.
Fixes Bugzilla #1074. (I think.)
--- a/src/joystick/linux/SDL_sysjoystick.c Fri Dec 30 04:03:31 2011 -0500
+++ b/src/joystick/linux/SDL_sysjoystick.c Fri Dec 30 04:04:34 2011 -0500
@@ -935,6 +935,10 @@
SDL_logical_joydecl(SDL_Joystick *logicaljoy = NULL);
SDL_logical_joydecl(struct joystick_logical_mapping* hats = NULL);
+ if (stick->nhats <= hat) {
+ return; /* whoops, that shouldn't happen! */
+ }
+
the_hat = &stick->hwdata->hats[hat];
if ( value < 0 ) {
value = 0;
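Review bot: The guard added in this hunk bounds only `hat`, while the matching guard added to HandleBall in the second hunk also bounds `axis`. The function's signature and the rest of its body are outside the hunk, so this is inferred, but if `axis` is later used to index a fixed-size per-hat array, it needs a range check here too, for example `if ((stick->nhats <= hat) || (axis < 0) || (axis >= 2)) {`, with the limit taken from the real array size. The comment `/* whoops, that shouldn't happen! */` does not say what is being defended against; something like `/* event names a hat we never allocated; drop it rather than index past hwdata->hats */` would tell the next reader why the early return must stay.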
@@ -973,6 +977,9 @@
static __inline__
void HandleBall(SDL_Joystick *stick, Uint8 ball, int axis, int value)
{
+ if ((stick->nballs <= ball) || (axis >= 2)) {
+ return; /* whoops, that shouldn't happen! */
+ }
stick->hwdata->balls[ball].axis[axis] += value;
}
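Review bot: `axis` is declared `int` in HandleBall's signature, and the added check `(axis >= 2)` rejects only values that are too large, so a negative `axis` still reaches `balls[ball].axis[axis] += value` and writes before the array. Whether any caller can produce a negative value is not visible here, but since the check is meant as a backstop it should bound both sides: `if ((stick->nballs <= ball) || (axis < 0) || (axis >= 2)) {`. The literal 2 would also be safer written as the element count of the `axis` array itself (its declaration is outside this hunk), so the guard cannot drift if the struct changes.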